hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enis Soztutar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-17860) Implement secure native client connection
Date Wed, 05 Apr 2017 13:35:41 GMT

    [ https://issues.apache.org/jira/browse/HBASE-17860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15956862#comment-15956862

Enis Soztutar commented on HBASE-17860:

bq. Here is brief procedure for testing:
Thanks for the write up of the steps. The beauty of docker is that, we can indeed automate
these in the docker file so that everybody automatically gets the same environment. Maybe
we should do a start-secure-docker.sh script similar to the start-docker.sh so that a kerberozed
env is available.  

> Implement secure native client connection
> -----------------------------------------
>                 Key: HBASE-17860
>                 URL: https://issues.apache.org/jira/browse/HBASE-17860
>             Project: HBase
>          Issue Type: Sub-task
>            Reporter: Ted Yu
>            Assignee: Ted Yu
>            Priority: Critical
>         Attachments: 17860.v2.txt, 17860.v3.txt, 17860.v4.txt
> So far, the native client communicates with insecure cluster.
> This JIRA is to add secure connection support for native client using Cyrus library.
> The work is based on earlier implementation and is redone via wangle and folly frameworks.
> Thanks to [~devaraj] who started the initiative.
> Here is high level description of the design:
> * SaslHandler is declared as:
> {code}
> class SaslHandler
>     : public wangle::HandlerAdapter<folly::IOBufQueue&, std::unique_ptr<folly::IOBuf>>{
> {code}
> It would be inserted between EventBaseHandler and LengthFieldBasedFrameDecoder in the
pipeline (via ConnectionFactory::Connect())
> * SaslHandler would intercept writes to server by buffering the IOBuf's and start the
handshake process (via sasl_client_XX calls provided by Cyrus)
> * after handshake is complete, SaslHandler would send the buffered IOBuf's to server
and act as pass-thru from then on

This message was sent by Atlassian JIRA

View raw message